Sneed-Reactivity/yara-mikesxrs/g00dv1n/Rogue.FakePAV.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

31 lines
No EOL
720 B
Text

rule RogueFakePAVSample
{
meta:
Description = "Rogue.FakePAV.sm"
ThreatLevel = "5"
strings:
$ = "ZALERT" ascii wide
$ = "ZAPFrm" ascii wide
$ = "ZAbout" ascii wide
$ = "ZAutoRunFrame" ascii wide
$ = "ZCheckBox" ascii wide
$ = "ZCplAll" ascii wide
$ = "ZFogWnd" ascii wide
$ = "ZFrameDEt" ascii wide
$ = "ZIEWnd" ascii wide
$ = "ZMainFrame" ascii wide
$ = "ZMainWnd" ascii wide
$ = "ZOptionsFrame" ascii wide
$ = "ZProcessFrame" ascii wide
$ = "ZProgressBar" ascii wide
$ = "ZPromo" ascii wide
$ = "ZReg" ascii wide
$ = "ZResFR" ascii wide
$ = "ZServiceFrame" ascii wide
$ = "ZUpdate" ascii wide
$ = "ZWarn" ascii wide
condition:
any of them
}